Combination Crypto-Ransomware Vaccine Released

Bitdefender anti-malware researchers have released a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods.

“The new tool is an outgrowth of the Cryptowall vaccine program, in a way,” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.”

A study conducted by Bitdefender in November 2015 on 3,009 Internet users from the US, France, Germany, Denmark, the UK and Romania offers a victim’s perspective on data loss through crypto-ransomware:

50% of users can’t accurately identify ransomware as a type of threat that prevents or limits access to computer data.

Half of victims are willing to pay up to $500 to recover encrypted data.

About the author

Razvan STOICA

Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking. Razvan Stoica started off writing for a science monthly and was the chief editor of a science fiction magazine for a short while before moving on to the University of Medicine in Bucharest where he lectured on the English language. Recruited by Bitdefender in 2004 to add zest to the company's online presence, he has fulfilled a bevy of roles within the company since. In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.

Could be nice, but how does that work? Would it be possible to have a technical summary of it? How will this deal with other protection/monitoring programs? Legacy programs? It’s appealing, but not if it’s for having hundreds of users complaining all day because it makes legacy apps broken…

It should not break anything, as it doesn’t interact with other apps, unlike an antivirus. It’s still recommendable to test it before use and in any case if you are thinking about securing “hundreds of users” you’re better off using something like Gravity Zone.

Vaccine tool? What does that mean? If it was a vaccine I would just need to run the software once and I would be inoculated; this, however, does not seem to be the case? Is it a behaviour monitoring tool, does it install a service or do I need to have the GUI running all the time? It is a little unclear if the load with Windows is only the GUI or the entire “protection package”. Are any license terms available? Anyhow, thanks for a valiant effort.

It’s a vaccine, but it can (and probably will) be updated against new strains, hence the need to run at startup. It does not monitor behavior, it just uses some tricks to prevent those specific families of ransomware from infecting your system.
The software is provided AS-IS, without any implied or explicit guarantees. Redistribution is permitted.

Doesn’t work for the scenario where an Administrator installs it for users who are not administrators. The installer creates a Scheduled Task which launches the program upon logon of any user, but the task requires elevation, so it fails to run when a non-administrative user logs on.

Would I be correct in assuming that the 4 registry entries thrown up as suspect in an AdwCleaner scan on my Windows 7 PC this morning containing the characters “protector_dll.Protector” are generated by the vaccine and can be ignored?

Hello, I am trying to remotely install this on several computers. I have added /VERYSILENT to the exe, but I would also like to set these options as defaults during the install:
Run when Windows starts to ON
Minimize on startup to ON
Minimize to tray to ON

How can I add this to the setup install?
Thanks a lot for your help on this.
Can I change this by providing an inf file?
If yes, what is the format of that file?

As you can see in the comments on my blog [http://www.ransomware.it/bitdefender-antiransomware], some users are experiencing issues with scheduled tasks and the need for elevation at launch. Furthermore, it seems that the scheduled task requires elevation, so it fails to run when a non-administrative user logs on, and even if standard users do elevate they are not protected. Any suggestions/workarounds?
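
The scheduled-task failure reported in the two comments above (a logon task that requires elevation, installed by an administrator for standard users) can be confirmed on an affected machine. The PowerShell below is an added example, not part of the original comments or of Bitdefender's tooling; it is read-only, and the `$NamePattern` filter is a placeholder because the page does not give the task's name.

```powershell
# Added example (read-only): list logon-triggered scheduled tasks and flag
# those that request the highest run level, the combination the comments
# above report as failing for non-administrative users.
# $NamePattern is a placeholder; the page does not give the task's name.
param([string]$NamePattern = '*')

function Get-LogonTaskElevationReport {
    param([string]$NamePattern = '*')

    Get-ScheduledTask -TaskName $NamePattern -ErrorAction SilentlyContinue |
        ForEach-Object {
            $task = $_
            # Keep only tasks with at least one "At log on" trigger.
            $logon = @($task.Triggers | Where-Object {
                $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger'
            })
            if ($logon.Count -eq 0) { return }   # acts as "continue" here

            # A logon trigger with no UserId fires for any user.
            $anyUser = @($logon | Where-Object { -not $_.UserId }).Count -gt 0
            $p    = $task.Principal
            $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue

            [pscustomobject]@{
                TaskName   = $task.TaskName
                RunAs      = if ($p.GroupId) { $p.GroupId } else { $p.UserId }
                RunLevel   = $p.RunLevel
                AnyUser    = $anyUser
                Command    = ($task.Actions | ForEach-Object { $_.Execute }) -join '; '
                # 0x800702E4 is "The requested operation requires elevation".
                LastResult = if ($info) { '0x{0:X8}' -f $info.LastTaskResult } else { 'n/a' }
                Suspect    = ("$($p.RunLevel)" -eq 'Highest') -and $anyUser
            }
        }
}

Get-LogonTaskElevationReport -NamePattern $NamePattern |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize
```

Run it after a standard user has logged on so that `LastResult` reflects that logon attempt.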

I’ve read the article
http://www.pcworld.com/article/3049179/security/free-bitdefender-tool-prevents-locky-other-ransomware-infections-for-now.html
but still want to know how it actually works.
“The new Bitdefender tool takes advantage of these ransomware checks by making it appear as if computers are already infected with current variants of Locky, TeslaCrypt or CTB-Locker. This prevents those programs from infecting them again.”

What does it “vaccinate”? What part of Windows tells ransomware it is already infected by it?

Thanks for the kind words! Alas, there is no such statement, beyond the release and about two dozen articles in the media, complete with quotes from Bitdefender representatives. You can download and use it in good faith, from our website or any number of freeware sites.
Please remember, however, that this is experimental stuff and the lack of licensing also means a lack of guarantees of any kind.
We might discontinue it tomorrow, or cease updating it and never tell anyone, or… you get the drift.

Question about this tool. Will it remove, for instance, the locky malware if still running in the infected computer? Suppose that the idea is to clean the malware from the computer without performing a format to the disk drive.

Do you think that it would be possible to change the installer to look for the registry key in HKLM and copy it to HKCU if it finds it? Creating the key just in HKCU makes it impossible for us to silently deploy it alongside the BitDefender AV product we already have on our network.

OK, I see it in Revo Uninstaller. I was unsure since on a different Win7 PC (mine is WinXP) I could see a Bitdefender popup (don't know the exact name anymore) which couldn't be removed but is now gone after a clean. Will check Revo Uninstaller. Don't know if the other person installed Bitdefender software. MS Security Essentials is in there as default.

Does this program also protect against "CryptoLocker" and "CryptoWall"? As far as I read it in the Wikipedia, these are other ransomware families than just CTB-Locker, Locky and TeslaCrypt. I'm kinda confused now…

I also found a program called "Bitdefender Anti-CryptoLocker 1.0.7.5". Do I need to install this also, or is this program outdated?

MSP here deploying this via powershell using /verysilent switch and everything installs fine. The only thing is it is not set to start automatically with Windows and to minimize to Systray. Are there any other switches during install to make sure BDAntiRansomware is started with Windows?

I updated Bitdefender Anti-Cryptowall to the latest version and Chrome crashes with "He's dead Jim!. Either Chrome ran out of memory or the process" …
I tried to uninstall, restart, then install Chrome, but Chrome stops; even settings do not work…
I uninstalled the latest Bitdefender Anti-Cryptowall update and everything is OK.

The Crypto-ransomware vaccine is a proactive protection mechanism. If used when your computer is in a clean state, it would render potential ransomware impossible to execute. However, if you have already fallen victim to ransomware, the tool won't be able to decrypt the files for you.